Hi again,
next question:
Bootstrapping a new server, creating a user, setting a random
password. Works like a charm.
But is it possible to save the generated password in the corresponding
host_vars file for the new server?
Johannes
I have a slightly different approach to this. I have a relatively generic pooldata action plugin. This is used in a play like this:-
- name: Get root password
  pooldata:
    data_file: pooldata/rootpw/used/{{inventory_hostname}}.json
    pool_directory: pooldata/rootpw/pool
- name: Set root password
  user:
    name: root
    state: present
    password: '{{ generated_root_password.crypted_password }}'
    comment: 'Superuser Account'
If there is a file corresponding to the data_file
then the (JSON) contents of that are loaded into facts.
Otherwise a random file from the pool_directory is renamed to the data_file
and that is loaded.
The files are autogenerated by a script, and look like this:-
{
  "generated_root_password" : {
    "crypted_password" : "$6$U2.gCoRx$r19ANf9aUP2/Eqvj.SciaMFo5QXDS8pp1gKtQQMGJrb571V8Tp.dCNCeKhnqWllQ39g.5VZjBI7a4vjnJqwr31",
    "tag" : "ceVePaDa",
    "record_number" : 2049
  }
}
The script that generates them also generates a lookup table stored separately of the actual password against the tag/record number. This means the clear text root passwords are not stored on the ansible box.
This dance is done to allow the “database” to be easily held in git without potentially hitting difficult merge issues if there are branches etc.
I’m very happy to make the pooldata plugin available - I should have cleaned it up and pushed it to github years ago!
Nigel.
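The allocation step described in the message above (load the host's data_file if it exists, otherwise move a random pool entry into place and load that), written out as an added Python example. This is not Nigel's plugin or any code from the thread. The names claim_pool_entry, PoolExhausted and build_sample_pool are hypothetical, and the sample entries carry constructed placeholder hashes.

```python
import json
import os
import random
import tempfile
from pathlib import Path


class PoolExhausted(Exception):
    """Raised when no unassigned entries remain in the pool directory."""


def claim_pool_entry(data_file, pool_directory):
    """Return the JSON facts for a host, assigning a pool entry on first use."""
    data_file, pool_directory = Path(data_file), Path(pool_directory)
    while not data_file.exists():
        candidates = sorted(pool_directory.glob("*.json"))
        if not candidates:
            raise PoolExhausted(f"no entries left in {pool_directory}")
        data_file.parent.mkdir(parents=True, exist_ok=True)
        # Picking a file needs no crypto-grade randomness: the secrets
        # were generated earlier by the separate pool-building script.
        choice = random.choice(candidates)
        try:
            os.rename(choice, data_file)  # atomic within one filesystem
        except FileNotFoundError:
            continue  # a parallel run took this entry first; pick again
    with open(data_file, encoding="utf-8") as fh:
        return json.load(fh)


def build_sample_pool(root, count=3):
    """Constructed sample data: placeholder hashes, not real crypt output."""
    pool = Path(root) / "pooldata/rootpw/pool"
    pool.mkdir(parents=True)
    for n in range(count):
        entry = {"generated_root_password": {
            "crypted_password": f"$6$PLACEHOLDER${n}",
            "tag": f"tag{n:04d}",
            "record_number": n,
        }}
        (pool / f"{n}.json").write_text(json.dumps(entry), encoding="utf-8")
    return pool


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        pool = build_sample_pool(root)
        used = Path(root) / "pooldata/rootpw/used"
        facts = claim_pool_entry(used / "web01.json", pool)
        print(facts["generated_root_password"]["tag"], len(list(pool.iterdir())))
```

Because each host ends up with its own file under used/ and pool entries are only ever moved, two branches that bootstrap different hosts touch different paths, which is the merge-friendliness the message describes.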
Hi Nigel,
I have a slightly different approach to this. I have a relatively generic pooldata action plugin. This is used in a p
Thanks for the answer. I am always interested in new things to learn,
so if you drop me a line if you put the script on github that would be
awesome.
Nevertheless, the root password stuff is not the only thing I would
need the change-stuff-in-host_vars-file for. So I would be interested
if this is possible. Without using a 'lineinfile' on the local host...
Johannes